Medical Blackmail

In light of other recent news, it was easy to ignore another star’s sordid life confessional. If you missed it, Charlie Sheen decided to disclose that he was diagnosed with HIV four years ago. His choice to go public was spurned by blackmail threats by one, or perhaps more, of his past partners. Sheen’s poor life choices aside, medical blackmail is a growing concern in a time when medical information is vulnerable to disclosure. It goes beyond an individual exploiting a juicy piece of gossip for personal gain. Now that electronic medical records are becoming more common, just how often does medical blackmail happen?

The Washington Post has a short article, here listing the various data breaches that have occurred over the last two years in the health sector, including two instances of blackmail:

“In one case involving a surgery practice in the Libertyville, Ill., in 2012, hackers got to e-mails and medical records in their servers and left a digital ransom note. In 2008, St. Louis-based Express Scripts told 700,000 customers that their information may have been exposed after the company received a ransom note containing the Social Security numbers and prescription records for 75 of its members.”

Both companies did not pay and contacted authorities.

The article says that the Department of Health and Human Services data show that since 2009 more than 120 million people have been compromised in more than 1,100 separate breaches of organizations that handle protected health data. One of the largest was Anthema in which some 80 million personal records were accessed by hackers, although none of the data was stolen. Another high-profile case was Community Health Services in Tennessee in which 4.5 million patients’ data was compromised.

There are several benefits to electronic health records (EHRs). For one, it is easy to transfer medical information from one doctor to another. People typically have several doctors involved in their care, particularly if they need to see a specialist. EHRs make it easy to transfer medical records from one doctor to another. Also, there have been instances where being able to search through thousands of EHRs have helped doctors know how patients with a combination of conditions or medications will likely respond to a new medication.

However, the problem with making EHRs transferrable and accessible is that they are more vulnerable to hacking. Aside from identity theft, blackmail and insurance fraud are common ways to use medical data records. MIT Technology Review reports that there has been a 600% increase in malware attacks on hospitals in the last year. According to a colleague of mine who has worked in healthcare IT, part of the problem is that the healthcare industry does not invest in cybersecurity, mainly because doctors tend to run hospitals and are not necessarily knowledgeable on these things. This is echoed in other reports about the problems with cybersecurity in the medical sector.

Privacy is a big concern when it comes to Big Data. As our abilities to collect, store, and analyze data increases so must our ability to keep data secure.